Your PowerGUI Community: Simplify your PowerShell related GUI and script editing needs.


Find users with no scriptpath attribute

This question is answered
I am a new powershell user and just trying to make my admin load a bit easier while learning powershell.
I was recently pointed at your tools to try get-qaduser for my problem.
I am trying to search a specific OU for all users that have no entry in their Logon Script (scriptpath) entry.

I worked out:
get-qaduser -searchroot 'ADname/OUname' -objectattributes @{scriptpath = '*'} -includedproperties 'scriptpath' | format-table name, scriptpath

This gets me a list of all users in the correct OU that have anything in the scriptpath attribute. I have not been able to find a way to reverse this @{scriptpath = '*'}.

I have tried
!
-not
-ne
-notmatch
-notlike
and using '' instead of '*'

Somebody else suggested:
get-qaduser -searchroot 'ADname/OUname' |where{$_.scriptpath -eq $null}

But this just returns nothing, even when I know that there is a user with nothing in the attribute.

Anyone here have any other ideas for me?

anks for your time.
Verified Answer
  • To perform search by empty attribute use next syntax:

    get-qaduser -searchroot 'ADname/OUname' -ldapfilter '(!(scriptpath=*))' -includedproperties 'scriptpath' | format-table name, scriptpath
All Replies
  • To perform search by empty attribute use next syntax:

    get-qaduser -searchroot 'ADname/OUname' -ldapfilter '(!(scriptpath=*))' -includedproperties 'scriptpath' | format-table name, scriptpath
  • Perfect! Thanks a lot. now I just have to study up so I can understand all the symbols and operators that are used.
    It works, now i just have to figure out why.
  • OK, I have one other question about this script:

    get-qaduser -searchroot 'ADName/americas/finance' -searchscope base -ldapfilter '(!(scriptpath=*))' -includedproperties 'scriptpath' | format-table name, scriptpath, homefolder, homedrive

    I have several OUs I want to search, some of them nested. the searchscope doesn't seem to be running as I expect from the documentation.

    As in my example ablove, I assume this script should search just the ADname/americas/finance OU and output a list of the users that have no login script with their homedrive and homefolder entries.

    With the base argument added to the -searchscope, I get no results, when I know that there is a user with no login script in the finance OU. If I leave it off or put in onelevel or subtree it works. I also have users in the americas OU that will show up, but I want to keep those as a separate report.

    Am I just misunderstanding the -searchscope syntax?
  • quote from help (get-help get-qaduser -full)

     -SearchScope <SearchScope>
         Specify one of these parameter values:
            'Base'     Limits the search to the base (SearchRoot) object.
                       The result contains a maximum of one object.

            'OneLevel' Searches the immediate child objects of the base (SearchRoot)
                       object, excluding the base object.
            'Subtree'  Searches the whole sub-tree, including the base (SearchRoot)
                       object and all its child objects.

    So if you want to get users from your OU without any sub-OUs, use 'OneLevel' scope